Facebook’s “next steps in openness” raises questions

Facebook's wildly popular "Facebook Connect" service may be the polar opposite …

Facebook has made massive strides in the past year towards its goal of becoming not just the dominant social network worldwide, but also a major provider of universal identity on the Web (although its VP of Engineering tries to argue otherwise). Facebook Connect, launched just two months ago, has quickly gained support from thousands of partners, but mounting criticism of the company's "walled garden" approach has caused it to make an announcement that can only be described as perplexing.

On Facebook's official Developer Blog, a post titled "Next Steps in Openness" announces the social network's impending support for OpenID, a competing, open source effort that provides universal ID management and login credentials. Actually, scratch that—all Facebook really stated was that it has been "participating in OpenID efforts" all along. It's just now touting a recent presentation by one of its experts at an OpenID summit and that the company has officially joined OpenID's board. Facebook will also host an OpenID Design Summit next week in its Palo Alto headquarters.

In terms of identity management, Facebook Connect and OpenID are diametrically opposed solutions to the same problem. After Facebook Connect went live in December 2008, any site was allowed to become a partner, which let visitors use their Facebook credentials to log in, populate registration forms (at the user's discretion), and share their activity from that site back to their Facebook account.

The key here is that Facebook Connect allows users' identities to be harnessed outside of Facebook, but Facebook remains the gatekeeper for all that personal information. This is both convenient and conceptually simple from a user's perspective, but it is also the primary target of the "walled garden" arguments.

OpenID, on the other hand, is a distributed identity management system that allows any site to become a provider and/or a supporter. In the past year, Google, Microsoft, IBM, Yahoo, MySpace, Windows Live, and even VeriSign have pledged support. However, consumer confusion and questions over privacy and security have plagued OpenID's adoption, as many key players, such as MySpace and Yahoo, have only become either a provider of credentials or a consumer—but not both. This means that you can use your Yahoo account as an OpenID to log into other sites, but you cannot yet use an OpenID that you created at, say, openid.net, to log into Yahoo's services.

The case for OpenID seems even more confusing after Facebook's pseudo-announcement of support, in part because no actual details of what this support will mean have been offered. Will Facebook provide OpenID credentials alongside Facebook Connect, or will it allow users to register or login at Facebook.com with any ol' OpenID? What about linking a Facebook account to an OpenID so either can be used to log into remote sites? If users cancel their Facebook accounts, will their identity information live on in the OpenID? Or will both go down with the ship?

None of these questions are answered by Facebook's announcement or even the corresponding announcement at openid.net. Ars contacted a Facebook representative to gather more details, but we didn't get much: "We are committed to building tools and services that enable a more open and social Web, and working closely with other groups and standards in the industry is an important step in this."

"Our hope," the response continues, "is that we’ll be able to contribute to the OpenID community by helping a) lead and refine the direction of the user experience and b) helping gain widespread adoption by working with our partners and working with the protocol ourselves."

Facebook already boasts over 4,000 Facebook Connect partners including Hulu, The Discovery Channel, and Digg. While OpenID has support from some of the largest names in the industry, users don't seem to be signing up in droves. It is difficult to see what Facebook gains by supporting OpenID, or even how a partnership like this can help clear up the confusion regarding its approach.